Known Distributors, the latest new feature from VirusTotal
VirusTotal points out that security teams receive a large number of alerts. Classifying all of these alerts, knowing where they come from, what type of file is really involved and who its distributor is, takes a lot of time. As a result of this “alert fatigue”, analysts are often unable to manage all the alerts and many of them end up being ignored.
This can logically be a major problem, since an important security alert may not be recognized as such. Receiving 10 alerts per day and having to analyze them is not the same as receiving 1,000, to give two figures as an example. In the latter case, managing and investigating these alerts is not always possible and many are ignored.
That is the reason why VirusTotal has released this new feature. It is a new attribute that will inform those who use this service to detect malicious files. What it does is determine which company or product a specific file belongs to.
Now, beyond showing the attributes that were already reported when analyzing a hash, this VirusTotal service will indicate the origin of that file. This is what the known distributors feature does. For example, it can tell us that a certain file comes from Microsoft. It is especially useful for detecting false positives. It is one of the options for analyzing files online.
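As an added example (not code from VirusTotal or from the original article), the following Python shows how a triage step could use the known distributors attribute to move likely false positives behind the alerts that still need an analyst. The report shape (attributes.known_distributors.distributors and attributes.last_analysis_stats.malicious), the detection threshold and all sample alerts and hashes are assumptions constructed for illustration.

```python
# Added example. All alerts, hashes and reports below are constructed samples.
# Assumed report shape: attributes.known_distributors.distributors (list of
# names) and attributes.last_analysis_stats.malicious (engine count).
MAX_DETECTIONS_FOR_FP = 3  # assumed policy threshold, tune per environment

def _report(malicious, names=None):
    attrs = {"last_analysis_stats": {"malicious": malicious}}
    if names is not None:
        attrs["known_distributors"] = {"distributors": names}
    return {"attributes": attrs}

SAMPLE_ALERTS = [{"alert_id": f"A-{i}", "sha256": c * 64}
                 for i, c in enumerate("abcd", start=1)]
SAMPLE_REPORTS = {
    "a" * 64: _report(1, ["Microsoft"]),     # few detections, known origin
    "b" * 64: _report(2),                    # no distributor information
    "c" * 64: _report(30, [" Microsoft "]),  # known origin, many detections
}                                            # "d" * 64: no report available

def distributors(report):
    """Return the cleaned, de-duplicated distributor names of a report."""
    known = report.get("attributes", {}).get("known_distributors") or {}
    names = known.get("distributors") or []
    return sorted({n.strip() for n in names if isinstance(n, str) and n.strip()})

def triage(alert, report):
    """Assign one alert to a queue and record why."""
    names, queue = [], "investigate"
    if report is None:
        reason = "no report for hash"
    else:
        names = distributors(report)
        stats = report.get("attributes", {}).get("last_analysis_stats", {})
        if not names:
            reason = "no known distributor"
        elif stats.get("malicious", 0) > MAX_DETECTIONS_FOR_FP:
            # A known origin alone does not close an alert with many detections.
            reason = "known distributor but many detections"
        else:
            queue, reason = "likely_false_positive", "known distributor"
    return {"alert_id": alert["alert_id"], "queue": queue,
            "reason": reason, "distributors": names}

def build_queue(alerts, reports):
    """Triage every alert; 'investigate' items come first, order kept."""
    results = [triage(a, reports.get(a["sha256"])) for a in alerts]
    return sorted(results, key=lambda r: r["queue"] != "investigate")

if __name__ == "__main__":
    for row in build_queue(SAMPLE_ALERTS, SAMPLE_REPORTS):
        print(row)
```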
Origin of VirusTotal data
The developers of this new feature indicate that they obtain the data from different sources. Among them is HashDB, which is an internal service that is responsible for extracting image files from the base operating system and updates from the system itself.
It also uses NSRL, the National Software Reference Library. It is an American project that is responsible for collecting software from various sources and incorporating file profiles calculated from that software into a data set.
It also uses VT Monitor, which is a VirusTotal service that periodically analyzes files from software publishers. This basically serves to prevent false positives.
In short, this new function will serve especially to avoid false positives and to make it easier to analyze files and know their origin. It is always important to have a good antivirus and services of this type with which to scan for threats and protect computers. All the information related to the known distributors feature is available on the official website of VirusTotal.